Add sanity tests for CMAC-(3)DES through PSA Crypto Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

commit: 63fa40e593405cb872295b8c396ec335f6854801 [log] [tgz]
author: Steven Cooreman <steven.cooreman@silabs.com> Fri May 07 17:27:27 2021 +0200
committer: Steven Cooreman <steven.cooreman@silabs.com> Tue May 11 18:56:01 2021 +0200
tree: 12c8e46518458e73e4204e729cd122e31be893fc
parent: aaf9944db3e8ef0a82885cc3fcf8fecd7b79e5ac [diff] [blame]
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 9c44c23..6972472 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c

@@ -195,6 +195,16 @@
                                 const uint8_t *key_buffer )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+    /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
+     * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
+    if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
+        ( psa_get_key_bits( attributes ) == 64 ||
+          psa_get_key_bits( attributes ) == 128 ) )
+        return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+
     const mbedtls_cipher_info_t * cipher_info =
         mbedtls_cipher_info_from_psa(
             PSA_ALG_CMAC,
commit	63fa40e593405cb872295b8c396ec335f6854801	[log] [tgz]
author	Steven Cooreman <steven.cooreman@silabs.com>	Fri May 07 17:27:27 2021 +0200
committer	Steven Cooreman <steven.cooreman@silabs.com>	Tue May 11 18:56:01 2021 +0200
tree	12c8e46518458e73e4204e729cd122e31be893fc
parent	aaf9944db3e8ef0a82885cc3fcf8fecd7b79e5ac [diff] [blame]